I was reading this article, and the author suggests I should have some kind of data security clause in an NDA to make sure the consultant takes reasonable steps to protect his access to my system and any data he obtains from it. He argues that NDAs typically just cover intentional disclosure or gross negligence, but not real security like using a VPN before entering passwords on an unencrypted website connection over unsecured wifi.
What do you think? Any idea what kind of clause I should add, or how to modify a standard NDA to cover it? I checked out the couple links he gave but I couldn't find anything specific.